CVE-2005-0313

high

Description

Multiple directory traversal vulnerabilities in Magic Winmail Server 4.0 Build 1112 allow remote attackers to (1) upload arbitrary files via certain parameters to upload.php or (2) read arbitrary files via certain parameters to download.php, and remote authenticated users to read, create, or delete arbitrary directories and files via the IMAP commands (3) CREATE, (4) EXAMINE, (5) SELECT, or (6) DELETE.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/19114

https://exchange.xforce.ibmcloud.com/vulnerabilities/19108

http://www.securityfocus.com/bid/12388

http://securitytracker.com/id?1013017

http://secunia.com/advisories/14053

http://marc.info/?l=bugtraq&m=110685011825461&w=2

Details

Source: Mitre, NVD

Published: 2005-01-27

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High

EPSS

EPSS: 0.10034